Cyber News Bytes: What’s Happening in Cybersecurity This Week

This week's latest cybersecurity news and industry updates

Today’s newsletter is in partnership with CrowdStrike

Let’s get into the headlines for the week!

1. HackerOne Discloses Employee Data Breach After Navia Hack

🛡️ What Happened?

In a striking reminder of how third-party vulnerabilities can ripple through the security landscape, HackerOne, a leading bug bounty and coordinated vulnerability disclosure platform, has disclosed that personal data belonging to hundreds of its employees was exposed following a breach of its U.S. benefits administrator, Navia Benefit Solutions.

The incident stems from a cyberattack on Navia, a benefits management provider used by HackerOne and thousands of other organizations. Attackers exploited a Broken Object Level Authorization (BOLA) vulnerability in Navia’s systems, enabling unauthorized access to sensitive information stored there.

Navia’s investigation revealed that the breach occurred between December 22, 2025 and January 15, 2026, and was first detected on January 23, 2026.

🔍 Why It Matters

According to HackerOne’s filing with the Maine Attorney General, 287 employees may have had the following types of personal data accessed:

  • Full names
  • Dates of birth
  • Social Security numbers
  • Email addresses
  • Contact information
  • Benefit plan participation details and related dates

While there’s no evidence yet of malicious use of the data, the exposure of this level of personally identifiable information (PII) elevates the risk of phishing, identity theft, and social engineering threats.

While HackerOne’s own infrastructure was not directly compromised, the incident highlights the significant risk posed by vulnerabilities in third-party service providers, even for organizations specializing in cybersecurity.

➕ Read more: BleepingComputer

2. Crunchyroll Breach Hits 6.8 Million Users

🛡️ What Happened?

Crunchyroll confirmed a major data breach after a threat actor compromised the Okta SSO account of a Telus International support agent. During a 24-hour window, the attacker downloaded 8 million support tickets, which exposed data on 6.8 million users. The stolen information includes names, emails, login names, IP addresses, and general locations. The hacker attempted to extort $5 million, but Crunchyroll did not respond.

🔍 Why It Matters

A single compromised vendor account led to data exposure affecting nearly 7 million users. This incident highlights that third-party identity compromise remains one of the biggest blind spots in security.

➕ Read more: BleepingComputer

3. Stryker Attack Deeper Than Expected

🛡️ What Happened?

Stryker’s investigation into the Iran-linked cyberattack it suffered shows that the attackers used a malicious file to hide their activity. This contradicts early assumptions that no malware was involved. After gaining access to Microsoft Intune, the threat actor wiped data across devices worldwide. The group known as Handala claims it wiped 200,000 systems, which forced major operational shutdowns.

🔍 Why It Matters

This was not random destruction. It was a stealthy, planned, and targeted operation. Healthcare and critical infrastructure organizations must prepare for attackers who blend in quietly before causing major damage.

➕ Read more: SecurityWeek

4. ShinyHunters Breach Infinite Campus, Affecting 11 Million Students

🛡️ What Happened?

Infinite Campus, a nationwide K-12 student information system, was breached after an attacker compromised an employee’s Salesforce account. ShinyHunters claimed responsibility and attempted extortion. The platform stores sensitive data for approximately 11 million students, and the full impact is still being assessed.

🔍 Why It Matters

When schools are attacked, the consequences are widespread and deeply personal. Children’s data is particularly sensitive, since it often remains unmonitored for years, and that gives attackers long-term opportunities for identity fraud. Once again, the root cause was a single compromised identity rather than a direct system breach.

➕ Read more: Privacy Guides

🔦 This Week’s Theme: Identity Is the Weakest Link

Crunchyroll, Stryker, and Infinite Campus all experienced breaches caused by compromised accounts rather than sophisticated exploits. Attackers continue to succeed by targeting people instead of traditional perimeter defenses.